From 676ab8e316f3705a61170f11653f22bb630f3aa7 Mon Sep 17 00:00:00 2001
From: Andreas Hasenack <andreas.hasenack@canonical.com>
Date: Sun, 3 Dec 2023 15:40:37 -0300
Subject: [PATCH] apt-news.service: XXX remove all systemd restrictions

---
 systemd/apt-news.service | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/systemd/apt-news.service b/systemd/apt-news.service
index afbae9d22e..5793b5318f 100644
--- a/systemd/apt-news.service
+++ b/systemd/apt-news.service
@@ -15,22 +15,22 @@ Description=Update APT News
 Type=oneshot
 ExecStart=/usr/bin/python3 /usr/lib/ubuntu-advantage/apt_news.py
 AppArmorProfile=ubuntu_advantage_apt_news
-CapabilityBoundingSet=~CAP_SYS_ADMIN
-CapabilityBoundingSet=~CAP_NET_ADMIN
-CapabilityBoundingSet=~CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=~CAP_SYS_PTRACE
-CapabilityBoundingSet=~CAP_NET_RAW
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectSystem=full
-RestrictAddressFamilies=~AF_NETLINK
-RestrictAddressFamilies=~AF_PACKET
-RestrictSUIDSGID=true
+#CapabilityBoundingSet=~CAP_SYS_ADMIN
+#CapabilityBoundingSet=~CAP_NET_ADMIN
+#CapabilityBoundingSet=~CAP_NET_BIND_SERVICE
+#CapabilityBoundingSet=~CAP_SYS_PTRACE
+#CapabilityBoundingSet=~CAP_NET_RAW
+#NoNewPrivileges=true
+#PrivateDevices=true
+#PrivateTmp=true
+#ProtectControlGroups=true
+#ProtectHome=true
+#ProtectKernelModules=true
+#ProtectKernelTunables=true
+#ProtectSystem=full
+#RestrictAddressFamilies=~AF_NETLINK
+#RestrictAddressFamilies=~AF_PACKET
+#RestrictSUIDSGID=true
 # Unsupported in bionic
 # XXX find a way to handle this dynamically
 # Suggestion from systemd.exec(5) manpage on SystemCallFilter